17 Nov 2009

Audit of the Financial Transactions and Reports Analysis Centre of Canada


(from our news release)

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has more personal information in its database than it needs, uses or has the legislative authority to receive.

This was one of the key findings of the Privacy Commissioner of Canada’s in-depth audit of the independent agency mandated to analyze financial transactions and identify suspected money laundering and terrorist financing in Canada …

Legislative changes passed in 2006 expanded the types of transactions that must be reported to FINTRAC, as well as the number of professionals and organizations that are required to collect information about clients and to report it to FINTRAC. Examples of entities required to report to FINTRAC include financial institutions, life insurance companies, accountants and casinos.

The audit found that FINTRAC needs to do more to ensure that the amount of personal information it acquires is kept to an absolute minimum. A random sample of files examined in the audit turned up several reports that did not clearly demonstrate reasonable grounds to suspect money laundering or terrorist financing. For example:

  • A reporting entity filed several reports stating it was “taking a conservative approach in reporting this … because there are no grounds for suspecting that this transaction is related to the commission of a money laundering offence, but there is a lack of evidence to prove that the transaction is legitimate.”
  • An individual deposited a government cheque for an amount less than $300 and then withdrew the entire amount. The financial institution filed a suspicious-transaction report, but did not indicate why the transaction was deemed suspicious.
  • A financial institution filed a report about an individual who had deposited a cheque from a law firm. The institution was satisfied that the individual had provided legitimate reasons for the source of funds, but decided to notify FINTRAC anyway because of the individual’s ethnic origin and the fact that this person had visited a particular country.

“It is clear that such reports, containing not a shred of evidence of money laundering and terrorist financing, should not be making their way into the FINTRAC database,” says Commissioner Stoddart.

“It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose,” she says. “The federal government needs to have a justifiable need to collect someone’s personal information. Clearly, FINTRAC needs to do more work with organizations to ensure it does not acquire personal information that it has no legislative authority to receive – and that it does not need or use.”

The audit recommended enhanced front-end screening of reports; stronger ongoing monitoring and review to ensure that information holdings are relevant and not excessive; and the permanent deletion of information that FINTRAC did not have the statutory authority to receive.

Under amendments passed in 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires the Privacy Commissioner to review FINTRAC every two years and report the results to Parliament.


2 Responses

Stew Fettes Says:

The breaking headline today, November 25, 2009, is the story where 400 officers in Quebec and Ontario are cracking down on several locations that were making fake documents. Were the originals stolen to provide legitimate numbers such as social insurance, passport, health cards etc.? I suspect so.

This goes to the very core of the draconian legislation passed by Finance Minister Jim Flaherty and his Fintrac officials wherein they have deputized nearly 100,000 Real Estate sales people to gather information from their clients, such as driver's licence ID, health card numbers, social insurance numbers, passport numbers, and make hard copies and are forced to store them for five years, and if they don’t comply they can face fines of two million dollars and jail time.

In a typical Real Estate transaction here is what is now happening under Flaherty’s legislation. The Realtor collects the ID, then the Bank collects the same ID, then the Lawyer collects the same ID, then the Insurance Company collects the same ID. These groups are all tied to the purchase of a real estate transaction.

There are approximately 600,000 thousand Real Estate transactions per year in Canada. If you multiply the information gathered you have a ‘staggering’ 2.4 million pieces of ID floating around the marketplace waiting for a theft of identity documents to happen, and that is just doing Real Estate transactions.

I urge the Federal Privacy Commission to shut down Fintrac completely, until we can get this ‘ludicrous legislation’ sorted out, and preserve the identity of all innocent Canadians.
